Intel has reported a few memory bugs in its microprocessor firmware used by hundreds of firmware. These bugs reside inside some of the Intel Optane SSD and Intel Optane Data Center (DC) products. They rated as “high” risk with Common Vulnerability Scoring System (CVSS) scores of more than 7.
These bugs may allow escalation of privilege, denial of service (DoS), or information disclosure.
“Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Data Center products may allow escalation of privilege, denial of service, or information disclosure,” says Intel in an advisory.
- CVE-2021-33078: An attacker with privileged user access may perform denial of service via local access.
- CVE-2021-33077: An unauthenticated user can enable escalation of privilege via physical access.
- CVE-2021-33080: An unauthenticated user can enable information disclosure or escalation of privilege via physical access.
- CVE-2021-33074: An unauthenticated user can enable information disclosure via physical access.
- CVE-2021-33069: A privileged user can enable denial of service via local access.
- CVE-2021-33075: A privileged user can enable denial of service via local access.
- CVE-2021-33083: A privileged user can enable information disclosure via local access.
- CVE-2021-33082: An unauthenticated user can enable information disclosure via physical access.
Intel has also released the list of affected products. Have a look at this list.
- Intel Optane SSD DC D4800X Series all versions.
- Intel Optane SSD DC P4800X/P4801X Series before version E2010600.
- Intel Optane SSD P5800X Series before version L3010200.
- Intel Optane SSD 905P/900P Series all versions.
- Intel Optane Memory H10 with Solid State Storage Series all versions.
- Intel Optane Memory H20 with Solid State Storage Series all versions.
Intel has also released the updates that can be downloaded here. HP and Dell are among the first to release the new firmware for the bug.
